
labring — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting labring. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Labring operates as a cloud service provider focusing on AI and big data infrastructure solutions. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for the majority of their 18 recorded CVEs. Notable security characteristics include exposure in container orchestration platforms and API endpoints, with several critical RCE vulnerabilities identified in their Kubernetes management tools. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in core infrastructure components suggests potential risks for enterprise deployments relying on their platform.

Top products by labring: FastGPT, sealos, laf

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-44286 | FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation | FastGPT | CWE-918 | - | - | 2026-05-08 |
| CVE-2026-44284 | FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution | FastGPT | CWE-918 | 6.3 | Medium | 2026-05-08 |
| CVE-2026-42345 | FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot | FastGPT | CWE-918 | 7.7 | High | 2026-05-08 |
| CVE-2026-42344 | FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress allows SSRF on all protected endpoints | FastGPT | CWE-367 | 6.3 | Medium | 2026-05-08 |
| CVE-2026-42343 | FastGPT: Uncontrolled Resource Consumption leading to Sandbox Exhaustion | FastGPT | CWE-400 | - | - | 2026-05-08 |
| CVE-2026-42302 | FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox | FastGPT | CWE-306 | 9.8 | Critical | 2026-05-08 |
| CVE-2026-40352 | FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover | FastGPT | CWE-943 | 8.8 | High | 2026-04-17 |
| CVE-2026-40351 | FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass | FastGPT | CWE-943 | 9.8 | Critical | 2026-04-17 |
| CVE-2026-40252 | Broken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPT | FastGPT | CWE-284 | 8.8 | - | 2026-04-10 |
| CVE-2026-40100 | FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default | FastGPT | CWE-918 | 5.3 | Medium | 2026-04-10 |
| CVE-2026-34162 | FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft | FastGPT | CWE-306 | 10.0 | Critical | 2026-03-31 |
| CVE-2026-34163 | Server-Side Request Forgery via MCP Tools Endpoint in FastGPT | FastGPT | CWE-918 | 7.7 | High | 2026-03-31 |
| CVE-2026-33075 | FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml | FastGPT | CWE-494 | 7.5 | - | 2026-03-20 |
| CVE-2026-32128 | FastGPT Python Sandbox Bypass of File-Write Restriction | FastGPT | CWE-184 | 6.3 | Medium | 2026-03-11 |
| CVE-2026-26075 | Cross-Site Request Forgery (CSRF) in FastGPT | FastGPT | CWE-352 | 5.3 (AI) | Medium (AI) | 2026-02-12 |
| CVE-2026-26003 | FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack | FastGPT | CWE-601 | 6.5 (AI) | Medium (AI) | 2026-02-10 |
| CVE-2025-62612 | FastGPT File Reading Node SSRF Vulnerability | FastGPT | CWE-918 | 9.1 (AI) | Critical (AI) | 2025-10-22 |
| CVE-2025-52552 | FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS | FastGPT | CWE-601 | 6.1 (AI) | Medium (AI) | 2025-06-21 |
| CVE-2025-49131 | FastGPT Sandbox Vulnerable to Sandbox Bypass | FastGPT | CWE-732 | 6.3 | Medium | 2025-06-09 |
| CVE-2025-27600 | FastGPT SSRF | FastGPT | CWE-918 | 7.5 | - | 2025-03-06 |
| CVE-2023-50253 | laf logs leak | laf | CWE-200 | 9.7 | Critical | 2024-01-03 |
| CVE-2023-48225 | Laf env causes sensitive information disclosure | laf | CWE-200 | 8.9 | High | 2023-12-12 |
| CVE-2023-36815 | Sealos billing system permission control defect | sealos | CWE-862 | 7.3 | High | 2023-07-03 |
| CVE-2023-33190 | Improperly configured permissions in Sealos | sealos | CWE-287 | 10.0 | Critical | 2023-06-29 |

This page lists every published CVE security advisory associated with labring. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.